<?php
// Bootstrap for the admin home page: shared helpers and session handling are
// pulled in first, the page is then gated to administrators, and only after
// that is any output (the common header) produced and the database opened.
require_once '../includes/functions.php';
require_once '../includes/session.php';

ensure_logged_in('admin');
generate_header('admin', 'FSE Bank Admin Page');
connect_db();
?>
<div id="single_main_block">
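  <?php	// "Handlers"
// ---------------------------------------------------------------------------
// Each branch below processes the POST of one admin form (rendered further
// down the page), then redirect_to()s back here with a numeric ?stat= code
// that admin_argumenthandler() turns into a message for the admin.
//
// Conventions kept from the original page:
//   * Text fields are run through strip_tags(htmlspecialchars()) on the way
//     in and stored that way. "cua" always did this; "cuai" and "respass" now
//     do the same so a user id or name looks up / stores identically from
//     every form on this page.
//   * Fields sent back for re-editing travel in the redirect URL. They are
//     built with http_build_query() so '&', '=' or '#' inside a field cannot
//     split the query string. Passwords and the SSN never go into the URL.
//
// NOTE(review): the only gate on these state-changing requests is
// ensure_logged_in("admin") above — the forms carry no anti-CSRF token, so a
// logged-in admin's browser could be made to submit one of them by another
// site. A per-session token emitted in the forms and checked here is the
// usual fix; it spans both halves of this file and is not attempted here.
// ---------------------------------------------------------------------------

$action = "NULL";
if (isset($_GET['action']) && is_string($_GET['action'])) {
  $action = $_GET['action'];
}

// A POST field as a plain string; a missing or array-valued field yields "".
$rawPost = function ($key) {
  return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : "";
};
// The same field, stripped/HTML-encoded the way this page stores user data.
$cleanPost = function ($key) use ($rawPost) {
  return strip_tags(htmlspecialchars($rawPost($key)));
};

if (!isset($_POST['submit'])) {
  // Plain page view: nothing to process, the forms are rendered below.
}

else if ($action == "cua") {	// create new user account
  $userid          = $cleanPost("userid");
  $userpass        = $cleanPost("userpass");
  $userpassconfirm = $cleanPost("userpassconfirm");
  $usertype        = $cleanPost("usertype");
  $userfname       = $cleanPost("userfname");
  $usermname       = $cleanPost("usermname");
  $userlname       = $cleanPost("userlname");
  $userssn         = $cleanPost("userssn");
  $userbdate       = $cleanPost("userbdate");
  $userbmonth      = $cleanPost("userbmonth");
  $userbyear       = $cleanPost("userbyear");
  $useraddone      = $cleanPost("useraddone");
  $useraddtwo      = $cleanPost("useraddtwo");
  $useraddcity     = $cleanPost("useraddcity");
  $useraddstate    = $cleanPost("useraddstate");
  $useraddzip      = $cleanPost("useraddzip");
  $userphone       = $cleanPost("userphone");
  $useremail       = $cleanPost("useremail");
  $userbranch      = $cleanPost("userbranch");

  // Composite columns, in exactly the layout the "cuai" lookup splits again:
  // the two address lines joined by "\n", DOB as year-month-day, the name as
  // "first middle last".
  $useradd  = $useraddone . "\n" . $useraddtwo;
  $userdob  = $userbyear . "-" . $userbmonth . "-" . $userbdate;
  $username = $userfname . " " . $usermname . " " . $userlname;

  // What the form is pre-filled with if the admin has to be sent back.
  // Password, confirmation and SSN are deliberately absent.
  $resultargs = http_build_query(array(
    'resend'       => 1,
    'userid'       => $userid,
    'usertype'     => $usertype,
    'userfname'    => $userfname,
    'usermname'    => $usermname,
    'userlname'    => $userlname,
    'userbdate'    => $userbdate,
    'userbmonth'   => $userbmonth,
    'userbyear'    => $userbyear,
    'useraddone'   => $useraddone,
    'useraddtwo'   => $useraddtwo,
    'useraddcity'  => $useraddcity,
    'useraddstate' => $useraddstate,
    'useraddzip'   => $useraddzip,
    'userphone'    => $userphone,
    'useremail'    => $useremail,
    'userbranch'   => $userbranch,
  ));

  // Mandatory fields (address line 2 and branch number are optional).
  $mandatory = array($userid, $userpass, $userpassconfirm, $userfname, $usermname,
                     $userlname, $userssn, $userbdate, $userbmonth, $userbyear,
                     $useraddone, $useraddcity, $useraddstate, $useraddzip,
                     $userphone, $useremail);

  if (in_array("", $mandatory, true)) {
    // at least one mandatory field was left blank
    redirect_to("administrator_home.php?action=cua&stat=-1&{$resultargs}");
  }
  else if (!in_array($usertype, array("Member", "Admin", "Teller"), true)) {
    // the <select> only offers these three values; anything else is a
    // tampered or malformed submission and must not reach the database
    redirect_to("administrator_home.php?action=cua&stat=-1&{$resultargs}");
  }
  else if (strlen($userssn) != 9 || !ctype_digit($userssn)) {
    // SSN must be exactly nine digits. The old test, "!= 9 && intval($ssn)",
    // only rejected a wrong-length *numeric* value, so non-digit input of any
    // length slipped through.
    redirect_to("administrator_home.php?action=cua&stat=-9&{$resultargs}");
  }
  else {
    // TODO(review): $userpass and $userpassconfirm are collected but never
    // compared, so a typo in either is silently stored. Rejecting a mismatch
    // needs a ?stat= code that admin_argumenthandler() can display; none of
    // the codes visible on this page means "passwords differ".

    // Duplicate check on ID, SSN and e-mail address.
    if (!is_existing_user($userid, $userssn, $useremail)) {
      // create_user()'s return value was never inspected on this page; its
      // contract lives in ../includes/functions.php.
      create_user($userid, $userpass, $usertype, $userphone, $useradd, $useraddcity,
                  $useraddstate, $useraddzip, $username, $userssn, $userdob,
                  $useremail, $userbranch);
      redirect_to("administrator_home.php?action=cua&stat=1");
    }
    else {
      redirect_to("administrator_home.php?action=cua&stat=-2");
    }
  }
}

else if ($action == "cuas") {	// change user account status
  if ($rawPost("submit") === "Submit") {
    $acctid     = $rawPost("acctid");
    $acctstatus = $rawPost("acctstatus");

    // resend=1 is what the form below looks for when re-filling the account
    // id; the old code never set it, so the id was always lost on an error.
    $response = http_build_query(array(
      'resend'     => 1,
      'acctid'     => $acctid,
      'acctstatus' => $acctstatus,
    ));

    // Server-side copy of the radio buttons the form offers; anything else is
    // a tampered or blank submission and is not written to the database.
    $allowedStatus = array("open", "inactive", "pending", "onhold");

    if ($acctid === "" || !is_numeric($acctid) || !in_array($acctstatus, $allowedStatus, true)) {
      redirect_to("administrator_home.php?action=cuas&stat=-1&{$response}");
    }
    else if (!is_existing_account($acctid)) {
      redirect_to("administrator_home.php?action=cuas&stat=-6");
    }
    else {
      update_account_attribute($acctid, "AccountStatus", $acctstatus);
      redirect_to("administrator_home.php?action=cuas&stat=3");
    }
  }
}

else if ($action == "respass") {	// reset a user's password
  $userid = $cleanPost("userid");

  if ($userid === "") {
    redirect_to("administrator_home.php?action=respass&stat=-1");
  }
  // NOTE(review): the "cuai" branch passes the id through
  // mysql_real_escape_string() before this same call and this branch never
  // did; whether is_existing_user() escapes or parameterises internally is
  // not visible from this file, so the original call shape is kept here.
  else if (!is_existing_user($userid, "", "", false)) {
    redirect_to("administrator_home.php?action=respass&stat=-3");
  }
  else {
    // NOTE(review): every reset sets the same fixed literal, so the account
    // is guessable until the user changes it. A random temporary value shown
    // once to the admin plus a forced change at next login is the safer
    // design; change_password()'s contract is off-page, so this is unchanged.
    change_password("password", $userid);
    redirect_to("administrator_home.php?action=respass&stat=4");
  }
}

else if ($action == "cuai") {	// change user account information (two stages)
  if ($rawPost("submit") === "CheckID") {	// stage 1: look the user up
    $lookupid = $cleanPost("userid");

    if ($lookupid === "") {
      redirect_to("administrator_home.php?action=cuai&stat=-3");
    }
    else if (!is_existing_user(mysql_real_escape_string($lookupid), "", "", false)) {
      redirect_to("administrator_home.php?action=cuai&stat=-3");
    }
    else {
      // NOTE(review): ext/mysql (mysql_query and friends) was removed in
      // PHP 7; the query is string-built and relies on
      // mysql_real_escape_string() for the quoted value. A prepared statement
      // through the project's DB layer is the durable replacement.
      $userinfoquery = "SELECT * from User WHERE UserID=\"" . mysql_real_escape_string($lookupid) . "\";";
      $userqueryresult = mysql_query($userinfoquery);
      confirm_query($userqueryresult);
      $getuser = mysql_fetch_array($userqueryresult);

      if ($getuser === false) {
        // existed a moment ago but no row came back: treat as unknown user
        // rather than exploding on a boolean
        redirect_to("administrator_home.php?action=cuai&stat=-3");
      }
      else {
        // Split the composite columns back into form fields, using the
        // layouts "cua" writes. array_pad() keeps a short value (no middle
        // name, a one-line address) from raising undefined-offset notices.
        $addparts  = array_pad(explode("\n", (string) $getuser['Address'], 2), 2, "");
        $nameparts = array_pad(explode(" ", (string) $getuser['Name'], 3), 3, "");

        // Only what the stage-2 form actually displays is carried in the
        // URL. The old code also put the SSN, DOB and type id into the query
        // string (visible in logs and history) although the form never read
        // them.
        $response = http_build_query(array(
          'rightuser'    => 1,
          'userid'       => $getuser['UserID'],
          'userfname'    => $nameparts[0],
          'usermname'    => $nameparts[1],
          'userlname'    => $nameparts[2],
          'useraddone'   => $addparts[0],
          'useraddtwo'   => $addparts[1],
          'useraddcity'  => $getuser['City'],
          'useraddstate' => $getuser['State'],
          'useraddzip'   => $getuser['Zip'],
          'userphone'    => $getuser['PhoneNumber'],
          'useremail'    => $getuser['Email'],
        ));

        redirect_to("administrator_home.php?action=cuai&{$response}");
      }
    }
  }

  else if ($rawPost("submit") === "Submit New Information") {	// stage 2: save
    // Stored stripped/encoded exactly like "cua" stores them, so a value
    // round-trips between the two forms unchanged.
    $userid       = $cleanPost("userid");
    $userfname    = $cleanPost("userfname");
    $usermname    = $cleanPost("usermname");
    $userlname    = $cleanPost("userlname");
    $useraddone   = $cleanPost("useraddone");
    $useraddtwo   = $cleanPost("useraddtwo");
    $useraddcity  = $cleanPost("useraddcity");
    $useraddstate = $cleanPost("useraddstate");
    $useraddzip   = $cleanPost("useraddzip");
    $userphone    = $cleanPost("userphone");
    $useremail    = $cleanPost("useremail");

    $response = http_build_query(array(
      'rightuser'    => 1,
      'userid'       => $userid,
      'userfname'    => $userfname,
      'usermname'    => $usermname,
      'userlname'    => $userlname,
      'useraddone'   => $useraddone,
      'useraddtwo'   => $useraddtwo,
      'useraddcity'  => $useraddcity,
      'useraddstate' => $useraddstate,
      'useraddzip'   => $useraddzip,
      'userphone'    => $userphone,
      'useremail'    => $useremail,
    ));

    if (strlen($useraddstate) != 2) {
      // state must be a two-letter code
      redirect_to("administrator_home.php?action=cuai&stat=-5&{$response}");
    }
    else if ($userid === "" || !is_existing_user(mysql_real_escape_string($userid), "", "", false)) {
      // the user id rides in a hidden field, which can be blank or altered
      // client-side; the old code let change_user_info() run regardless
      redirect_to("administrator_home.php?action=cuai&stat=-3");
    }
    else {
      $username = $userfname . " " . $usermname . " " . $userlname;
      $useradd  = $useraddone . "\n" . $useraddtwo;
      change_user_info($userid, $username, $useradd, $useraddcity, $useraddstate,
                       $useraddzip, $userphone, $useremail);
      redirect_to("administrator_home.php?action=cuai&stat=2&{$response}");
    }
  }
}
?>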
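<?php	// Forms
// ---------------------------------------------------------------------------
// Print the message for ?stat= (admin_argumenthandler), then the form for the
// selected ?action=, pre-filled from the query string when the handler above
// sent the admin back (resend=1 for cua/cuas, rightuser=1 for cuai).
//
// Every value placed into the HTML goes through $h(). The values come from
// the URL, which anyone can craft, so echoing them unescaped (as this page
// used to) lets attacker-supplied markup into the admin's page (reflected
// XSS). double_encode=false keeps data this site already stores HTML-encoded
// from becoming &amp;amp; on the round trip.
// ---------------------------------------------------------------------------
admin_argumenthandler();

// Escape a value for an HTML attribute or text node.
$h = function ($value) {
  return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
};
// A query-string field as a string; absent or array-valued parameters yield "".
$q = function ($key) {
  return (isset($_GET[$key]) && is_scalar($_GET[$key])) ? (string) $_GET[$key] : "";
};
// Escaped copies of the named query-string fields, or "" for each of them
// when $present is false (fresh, empty form).
$fill = function (array $names, $present) use ($h, $q) {
  $out = array();
  foreach ($names as $name) {
    $out[$name] = $present ? $h($q($name)) : "";
  }
  return $out;
};

if ($action == "NULL") {	// default landing page
  echo "<h1>Welcome to the administrator home page.</h1>";
  echo "<h3>Logged in: " . $h($_SESSION['user_id']) . "</h3>";
  echo "<p>What would you like to do today?</p>";
}

else if ($action == "cua") {	// create new user account
  // Password, its confirmation and the SSN are never carried in the URL, so
  // those inputs are always rendered empty.
  $v = $fill(array('userid', 'usertype', 'userfname', 'usermname', 'userlname',
                   'userbdate', 'userbmonth', 'userbyear', 'useraddone',
                   'useraddtwo', 'useraddcity', 'useraddstate', 'useraddzip',
                   'userphone', 'useremail', 'userbranch'),
             isset($_GET['resend']));

  // Re-select the submitted user type; the old form silently fell back to
  // "Member" after a validation error.
  $sel = array('Member' => '', 'Admin' => '', 'Teller' => '');
  if (isset($sel[$v['usertype']])) {
    $sel[$v['usertype']] = ' selected="selected"';
  }

  echo "
	<form action=\"administrator_home.php?action=cua\" method=\"post\">

	  <fieldset>
	  <legend>Account Information</legend>
	    * User ID: <input type=\"text\" name=\"userid\" value=\"{$v['userid']}\"/><br />
	    * User Type: <select name=\"usertype\">
	      <option value=\"Member\"{$sel['Member']}>Member</option>
	      <option value=\"Admin\"{$sel['Admin']}>Admin</option>
	      <option value=\"Teller\"{$sel['Teller']}>Teller</option>
	    </select><br />
	    * Password: <input type=\"password\" name=\"userpass\"/><br />
	    * Confirm Password: <input type=\"password\" name=\"userpassconfirm\" /><br />
	  </fieldset>

	  <fieldset>
	  <legend>Personal Information</legend>
	    * First Name: <input type=\"text\" name=\"userfname\" value=\"{$v['userfname']}\"/><br />
	    * Middle Name: <input type=\"text\" name=\"usermname\" value=\"{$v['usermname']}\"/><br />
	    * Last Name: <input type=\"text\" name=\"userlname\" value=\"{$v['userlname']}\"/><br />
	    * Social Security Number: <input type=\"text\" name=\"userssn\" maxlength=\"9\" /><br />
	    * Birth Date: <input type=\"text\" name=\"userbdate\" value=\"{$v['userbdate']}\" maxlength=\"2\"/><br />
	    * Birth Month: <input type=\"text\" name=\"userbmonth\" value=\"{$v['userbmonth']}\" maxlength=\"2\"/><br />
	    * Birth Year: <input type=\"text\" name=\"userbyear\" value=\"{$v['userbyear']}\" maxlength=\"4\"/><br />
	    * Branch Number: <input type=\"text\" name=\"userbranch\" value=\"{$v['userbranch']}\"/><br />
	  </fieldset>

	  <fieldset>
	  <legend>Home Address</legend>
	    * Address Line 1: <input type=\"text\" name=\"useraddone\" value=\"{$v['useraddone']}\"/><br />
	    Address Line 2: <input type=\"text\" name=\"useraddtwo\" value=\"{$v['useraddtwo']}\"/><br />
	    * City: <input type=\"text\" name=\"useraddcity\" value=\"{$v['useraddcity']}\"/><br />
	    * State: <input type=\"text\" name=\"useraddstate\" value=\"{$v['useraddstate']}\"/><br />
	    * Zip: <input type=\"text\" name=\"useraddzip\" value=\"{$v['useraddzip']}\"/><br />
	  </fieldset>

	  <fieldset>
	  <legend>Contact Information</legend>
	    * Phone Number: <input type=\"text\" name=\"userphone\" value=\"{$v['userphone']}\" maxlength=\"12\"/><br />
	    * Email Address: <input type=\"text\" name=\"useremail\" value=\"{$v['useremail']}\"/><br />
	  </fieldset>

	  <br/>
	  <input type=\"submit\" value=\"Submit\" name=\"submit\"/>
	</form>
	";
}

else if ($action == "cuas") {	// change user account status
  $acctid = isset($_GET['resend']) ? $h($q("acctid")) : "";
  echo "
	<form name=\"admin_user_account_change\" action=\"administrator_home.php?action=cuas\" method=\"post\">
	  <h4>Specify new user account status</h4>
	  <div style=\"border:solid 1px\">
	    <br/>
	    Account ID: <input type=\"text\" name=\"acctid\" value=\"{$acctid}\"/><br /><br/>
	  </div>
	  <br/>
	  <div style=\"border:solid 1px\">
	    <h5>Choose New Status</h5>
	    <input type=\"radio\" name=\"acctstatus\" value=\"open\" /> Open<br />
	    <input type=\"radio\" name=\"acctstatus\" value=\"inactive\" /> Inactive<br />
	    <input type=\"radio\" name=\"acctstatus\" value=\"pending\" /> Pending<br />
	    <input type=\"radio\" name=\"acctstatus\" value=\"onhold\" /> On Hold<br /><br/>
	  </div>
	  <br/>
	  <input type=\"submit\" value=\"Submit\"  name=\"submit\"/>
	</form>
	";
}

else if ($action == "respass") {	// reset a user's password
  echo "
	<form action=\"administrator_home.php?action=respass\" method=\"post\">

	  <h5>Account Information</h5>
	  <div style=\"border:solid 1px;\">
	    User ID: <input type=\"text\" name=\"userid\" /><br />
	  </div>

	  <br/>
	  <input type=\"submit\" value=\"Reset Password\" name=\"submit\"/>
	</form>
	";
}

else if ($action == "cuai") {	// change user account information
  if (isset($_GET['rightuser'])) {	// stage 2: the handler has confirmed the user id
    $v = $fill(array('userid', 'userfname', 'usermname', 'userlname', 'useraddone',
                     'useraddtwo', 'useraddcity', 'useraddstate', 'useraddzip',
                     'userphone', 'useremail'),
               true);

    echo "
	<form action=\"administrator_home.php?action=cuai\" method=\"post\">

	  <h5>Personal Information</h5>
	  <div style=\"border:solid 1px\">
	    First Name: <input type=\"text\" name=\"userfname\" value=\"{$v['userfname']}\" /><br />
	    Middle Name: <input type=\"text\" name=\"usermname\" value=\"{$v['usermname']}\" /><br />
	    Last Name: <input type=\"text\" name=\"userlname\" value=\"{$v['userlname']}\" /><br />
	  </div>

	  <h5>Home Address</h5>
	  <div style=\"border:solid 1px\">
	    Address Line 1: <input type=\"text\" name=\"useraddone\" value=\"{$v['useraddone']}\" /><br />
	    Address Line 2: <input type=\"text\" name=\"useraddtwo\" value=\"{$v['useraddtwo']}\" /><br />
	    City: <input type=\"text\" name=\"useraddcity\" value=\"{$v['useraddcity']}\" /><br />
	    State: <input type=\"text\" name=\"useraddstate\" value=\"{$v['useraddstate']}\" /><br />
	    Zip: <input type=\"text\" name=\"useraddzip\" value=\"{$v['useraddzip']}\" /><br />
	  </div>

	  <h5>Contact Information</h5>
	  <div style=\"border:solid 1px\">
	    Phone Number: <input type=\"text\" name=\"userphone\" value=\"{$v['userphone']}\" /><br />
	    Email Address: <input type=\"text\" name=\"useremail\" value=\"{$v['useremail']}\" /><br />
	  </div>

	  <br/>
	  <input type=\"hidden\" value=\"{$v['userid']}\" name=\"userid\" />
	  <input type=\"submit\" value=\"Submit New Information\" name=\"submit\"/>
	</form>
	";
  }

  else {	// stage 1: ask which user to edit
    echo "
	<form action=\"administrator_home.php?action=cuai\" method=\"post\">
	  <div style=\"border:solid 1px;\">
	    User ID: <input type=\"text\" name=\"userid\" /><br />
	  </div>
	  <br/>
	  <input type=\"submit\" value=\"CheckID\" name=\"submit\"/>
	</form>
	";
  }
}
else {
  echo '<strong>Please click on a link above!</strong>';
}
?>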
</div>
<?php
// Shared page footer, emitted after the main content block has been closed.
include '../includes/footer.php';
?>
